Notification of Data Security Incident
December 30, 2022 – On July 5, 2022, during a routine security audit of its email environment, Mindpath Health discovered suspicious activity within its email environment. Upon discovery, Mindpath Health immediately secured our email environment and engaged a third-party forensic firm to investigate the nature and scope of the incident. During the investigation, our third-party forensic firm discovered that two employee email accounts had experienced unauthorized access: one in March, 2022 and the second in June, 2022. On November 15, 2022, following a thorough investigation, it was discovered that a limited amount of protected health information may have been accessed by an unauthorized third party in connection with this incident.
The information that was present in the impacted email account(s) included patient names, addresses, social security numbers, dates of birth, medical diagnosis and treatment information, health insurance information, and prescription information. Importantly, the information potentially impacted varies for each individual, and may include all, or just one of the above-listed types of information.
At this time, Mindpath Health is not aware of any evidence to suggest that any information has been, or will be, misused. However, Mindpath Health was unable to rule out the possibility that the information could have been accessed. Therefore, in an abundance of caution, Mindpath Health is notifying potentially impacted individuals of this incident.
In response to this incident, Mindpath Health has implemented additional security measures within its network and facilities. Additionally, individuals are encouraged to monitor their account statements and explanation of benefits forms for suspicious activity and to detect errors.
Mindpath Health has established a toll-free hotline to answer questions about the incident and to address related concerns. The number for the hotline is 1-833-758-9379.